This listing of claims will replace all prior versions, and listings, of claims in the 
application; 

Listing of Claims 

L (currently amended) A method of inter-area rekeying of encryption keys in secure 
mobile multicast communications, comprising: 

a un - which a Domain Group Controller Key Server (Domain GCKS): 

distributing Traffic Encryption Keys (TEK) to a plurality of local Group Controller 
Key Servers (local GCKS) serving respective group key management areas, as dwherein 
said local Group Controller Key Servers forward said Traffic Encryption Keys, encrypted 
using Key Encryption Keys (KEKj, KEKj) that are specific to the respective local Group 
Controller Key Server (local GCKS*, GCKSj), to group members situated in the 
respective group key management areas, and wherein said local Group Controller Key 
Servers (GCKSi, GCKSj) constitute^ Extra Key Owner Lists (EKOLi, EKOLj) for said 
group key management areas (area i? areaj) that distinguish group members (MM*, MMj) 
possessing Key Encryption Keys (KEKi, KEKj) and situated in the corresponding group 
key management area (area i5 areaj) from group members (MMy) possessing Key 
Encryption Keys (KEKj) that were situated in the corresponding group key management 
area (area,) but are visiting another area (area^, ^characterised in that said local Group 
Gomreller-Key Servers 

forwar ding said Traffic Encryption Keys (TEK) to group members (MMy) visiting 

the respecti ve group key management areas (area.) encrypted using a Visitor Encryption 
Key (VEKj) thai is specific to the respective local Group Controller Key Server (GCKSj) 
and is different from said Key Encryption Key (KEKj); and 

sending a new Visitor Encryption Key (VEKj) to a visiting group member (MMj/ ) 

arriy ing_, in the corresponding group key management area jaigaj ) if them is no, other 
visiting. group member (MMj, ) . situated in t he corresponding grou p key mana gement area 



(areaj) and if a current Visitor Encryption Key (VEKj) exists that has already been used to 
encrypt a previous Traffic Encryption Key (TEK) , 

2. (currently amended) A method as claimed in claim. I, m& further comprising 
rekeying said Traffic Encryption Keys (TEK) after rekeying said Key Encryption 
Key (KEK U KEKj). 

3. (currently amended) A method as claimed in claim l-e^3, wherein said local Group 
Controller Key Servers (GCKS H GCKSj) rekey a Key Encryption Key (KEK |7 KEKj) 
by a process includtn gc omprising sending a new Key Encryption Key (KEKi, KEKj) 
to current group members encrypted using the current Key Encryption Key (KEKi, 
KEKj) and to visiting group members using the Visitor Encryption Key (VEKj, 
VEKj). 

4. (currently amended) A method as claimed in claim 1-of4, wherein said local Group 
Controller Key Server GCKSj sends the Visitor Encryption Key (VEKi) rather than 
the Key Encryption Key (KEKi) to new members joining the group via area^. 

5. (currently amended) A method as claimed in claim 3, wherein said local Group 
Controller Key Servers (GCKSj, GCKS j} rekey a Key Encryption Key (KEKi, KEKj) 
by a process includin gc omprising sending said new Key Encryption Key (KEK^ 
KEKj) selectively to existing group members situated in the corresponding group key 
management area (areai, area,), 

6. (currently amended) A method as claimed in claim 3-e^4, wherein said local Group 
Controller Key Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEKj, KEKj) 

by a process ^efedk^omprising sending said new Key Encryption Key (KEKi, 
KEKi) to existing group members using multicast messages and to visiting group 
members over a different secure channel 

7. (currently amended) A method as claimed in any of claims 3 to 6 c laim 3 , wherein 

rekeying a Key Encryption Key (KEKi, KEKj) comprises said local Group Controller 
Key Servers (G€K.8 l? GCKSj) sending a new Key Encryption Key (KEKj, KEKj) 



selectively to current group members currently situated in the corresponding group 
key management areas (areaj, areaj). 

8. (currently amended) A method as claimed in claim 3 further comprisinga fty 
preceding claim and including said local- Group Controller K e y Servers - (GCK S^ 
GCKS^ constituting Visitor Key Owner Lists (VKOLj, VKOL|) for said group key 
management areas (areaj, areaj) that distinguish group members (MM*, MMj) 
possessing Visitor Encryption Keys (VEKj, VEKj) and situated in the corresponding 
group key management area (areaj, areaj) from group members (MMy) possessing 
Visitor Encryption Keys (VEKO that were situated in the corresponding group key 
management area (area*) but are visiting another area (areaj). 

9. (original) A method as claimed in claim 8 wherein said Extra Key Owner Lists 
(EKOU EKOLj) and said Visitor Key Owner Lists (VKOL is VKOLj) comprise lists 
of the group members (MMy) possessing Key Encryption Keys (KEK»), respectively 
Visitor Encryption Keys (VEKj, VEKj), that were situated in the corresponding group 
key management area (areai) but are visiting another area (areaj), 

10. (currently amended) A method as claimed in any precedi n g ■ cl ai mclaim L wherein a 
group member (MMy) that was visiting another group key management area (areaj) 
returns to an area (area*) for which it possesses a corresponding Key Encryption Key 
(KEKi) or Visitor Encryption Key (VEKj) before expiry of a validity period set by 
the corresponding Group Controller Key Server (GCKSO without said corresponding 
Group Controller Key Server (GCKSi) rekeying said Key Encryption Key (KEKi). 



